Amos Jeffries wrote:
> >>>> If I have to stick to some old unsupported version, I'd
> >>>> choose 2.7. It has worked flawlessly until it was deleted
> >>>> from the ports tree and I had to migrate to squid3.
> >
> >
> > Also, are you using HTTPS interception? there are known memory
> > leaks in OpenSSL.
No, God forbid. No interception of any kind.
> >
>
> Also, what does your squid.conf contain? (without comments or
> cachemgr_passwd lines)
auth_param ntlm program /root/bin/ntlm_auth SIBPTUS/MSG01-SIBPTUS
SIBPTUS/DC01-SIBPTUS
auth_param ntlm children 100
auth_param ntlm keep_alive on
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443 9010 8082 4443 9443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 4443 # https Tomskstat
acl Safe_ports port 9010 # CGP management
acl Safe_ports port 8082 # ecolog
acl CONNECT method CONNECT
acl sibptus src 10.14.128.0/20
acl password proxy_auth_regex -i "/usr/local/etc/squid/users.txt"
acl domain_users proxy_auth REQUIRED
acl workhours time MTWH 9:00-18:00
acl workhours time F 9:00-16:45
acl lunch time 13:00-14:00
acl private dst 10.0.0.0/8
acl private dst 172.16.0.0/12
acl private dst 192.168.0.0/16
acl business dstdomain "/usr/local/etc/squid/whitelist.txt"
acl pogoda url_regex -i ^http://pics.rbc.ru/img/grinf/elections3.gif$
acl pogoda url_regex -i ^http://informer.gismeteo.ru/29430-10.GIF$
acl ident_privileged ident_regex -i "/usr/local/etc/squid/ident.txt"
acl badsites dstdomain "/usr/local/etc/squid/badsites.txt"
acl illegal dstdomain "/usr/local/etc/squid/illegal.txt"
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny badsites
http_access deny private
http_access allow pogoda
http_access allow sibptus business
http_access allow sibptus ident_privileged
http_access allow sibptus lunch domain_users
http_access allow sibptus !workhours domain_users
http_access allow sibptus password
http_access allow localhost
http_access deny all
ident_lookup_access allow sibptus
http_port 3128
http_port 8080
tcp_outgoing_address 10.14.140.9
cache_mem 128 MB
cache_dir ufs /webcache/cache 512 16 256
access_log stdio:/webcache/logs/access.log
pid_filename /webcache/squid.pid
cache_log /webcache/logs/cache.log
coredump_dir /var/squid/cache/squid
ftp_user [email protected]
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
shutdown_lifetime 10 seconds
cache_mgr [email protected]
visible_hostname proxy.sibptus.transneft.ru
delay_pools 1
delay_class 1 1 # pool 1 is a class 1 pool
delay_access 1 allow all
delay_parameters 1 1024000/1024000
append_domain .sibptus.transneft.ru
memory_pools off
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[email protected]
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
